"I'm interested in all kinds of astronomy."

Ryan, the Dad Who Loves Coffee

hate when this happens to me

Me: MS Teams channels cannot contain MS-DOS device names?? Good lord

Friend: No this makes sense, it's a chain of dependencies. Every teams channel is a SharePoint folder

I think god is dead for sure


This essay is an utterly brilliant take on . I'll put a few excerpts here, but you should definitely go read the whole thing:

https://karawynn.substack.com/p/language-is-a-poor-heuristic-for



Use the Defcon Wifi (new blog)

Many security professionals, especially on social media, have an unfortunate tendency towards what we might call performative security. It’s where people broadcast their security measures to show how aware they are, and they suggest others follow their lead. It’s the inverse of security theater where ineffective security is imposed on us by organizations. It’s often ineffective, inconvenient, or both.

And today’s bad advice is “Don't use the defcon wifi.”

The and networks are some of the most monitored networks anywhere. No one's going to blow an 0-day by using it on either network. This assumes everything's up to date and fully patched, and that you join the official networks, which are listed on signage around the venues. It also assumes that all your apps are using TLS everywhere. In contrast, there is a never-ending parade of warnings about malware in telecom infrastructure. There are routinely reports of extra base stations around Las Vegas. (I’ve heard numbers on the order of an extra 50, of which I’d guess many are simply just-in-time capacity from authorized suppliers.) The lack of authentication of base stations is apparently a ...feature... that’s never going to be fixed.

Now, there’s another way to interpret this, which is to put your devices in airplane mode or a Faraday cage, and that’s not awful advice. Disconnect. Be present. Enjoy the events. Talk to the people around you. If you want to disconnect, a well-constructed Faraday cage is safer than airplane mode, which lets bluetooth and wifi work.

When I was at Microsoft, some of my co-workers made a big deal of how they locked down their laptop, or bought a burner for Defcon. Me? I asked why our products weren’t safe enough to use in that environment, given that they’re certainly used in more dangerous places.

https://shostack.org/blog/use-the-defcon-wifi/


PLEASE SHARE ESP TO UNDERREPRESENTED WOMEN LOOKING FOR INFOSEC JOBS: We at Red Queen Dynamics are proud to bring you the Infosec.Exchange State Of The Instance webinar on August 3rd at 11AM Pacific.

Join me, @jerry, Mari Galloway, and Talya Parker to talk about opportunities for underrepresented women in cybersecurity startups after the Twittersplosion removed all our weak social ties. How do we find job postings now that we've all gone to different places? There will be some *very frank opinions* shared.

Get jobs! Talk to Jerry about how I.E. is working to increase the voice of underrepresented women on this platform! Learn from Mari and @TalyaParker about how best to reach out to communities respectfully to provide job postings!

Learn more and sign up here: https://redqueendynamics.com/en/blog/infosec.exchanges-state-of-the-instance-navigating-startup-hiring-in-the-post-twitter-world


You know what’s software engineering? Regaining control over a computer 20 billion kilometers away thanks to the design decisions made 50 years prior.


So, uh, if you see an orb in public, DO NOT PONDER IT, because it's going to steal your biometrics and give them to the worst people in silicon valley:
https://news.artnet.com/art-world/worldcoin-orb-ai-2341500


Due to popular demand, here is a list of the fedi-services that are part of the infosec.* family:
1 - https://infosec.exchange - Glitch-soc fork of Mastodon (this instance does not block threads.net)
2 - https://relay.infosec.exchange - Activitypub relay
3 - https://video.infosec.exchange - Peertube instance (like youtube)
4 - https://infosec.press - WriteFreely blog*
5 - https://pixel.infosec.exchange - Pixelfed instance (like instagram)
6 - https://matrix.infosec.exchange - Synapse (with sliding sync) homeserver*
7 - https://infosec.place - Akkoma instance (like mastodon)
8 - https://infosec.town - iceshrimp instance (like mastodon)
9 - https://infosec.pub - Lemmy instance (like reddit)
10 - https://fedia.io - General interest mbin instance (also like reddit)
11 - https://fedia.social - General interest Iceshrimp instance
12 - https://elk.infosec.exchange - Elk web interface for Mastodon
13 - https://books.infosec.exchange - Bookwyrm instance (like goodreads)
14 - https://meetups.infosec.exchange (mobilizon)
15 - https://infosec.space - Glitch-soc fork of Mastodon (this instance does block threads.net)

*indicates the instance authenticates against Infosec.exchange

twitter / elon musk (I had to configure X11 on WSL for this joke)

For 25+ yrs police, military, intel agencies and critical infrastructure around the world have relied on the TETRA radio standard to secure their critical communications. But now Dutch researchers have examined secret algorithms used in TETRA and found something startling -- an intentional backdoor. This and other issues the researchers found would allow malicious actors to decrypt communications and also, in some cases, send malicious communication to radios to affect critical infrastructure or disrupt police operations and more.
https://www.wired.com/story/tetra-radio-encryption-backdoor/


'Zyxel released a security advisory regarding this vulnerability on April 25, 2023. Subsequently, [CISA] added this security flaw to its [KEV] catalog in May.

'Since the publication of the exploit module, there has been a sustained surge in malicious activity... significant increase in attack bursts starting from May... multiple botnets, including Dark.IoT, a variant based on Mirai, as well as another botnet that employs customized DDoS attack methods'.
https://www.fortinet.com/blog/threat-research/ddos-botnets-target-zyxel-vulnerability-cve-2023-28771


Once again forced to witness the deepest horrors of our reality


The failure of the Internet to deliver its promise is particularly noticeable when you hunt for repair manuals for a product from the 90s. Used to be, the information would either be there or not there, findable or unfindable.

Now, there are hundreds of algorithmically generated sites claiming to have it just because it appeared in their search logs, generating potemkin village content traps with endless paging, broken-thumbnail named-like-the-file-you-want but actually-just-ebay-photos bullshit.

As a developer I find automatic closing of brackets, quotes, etc. by editors
35% Useful
55% Annoying
8% Other

xss is just a loser's rce


🚧 Brute-Forcing One-Time Passwords 🚧

My last two threads discussed the probability of brute-forcing OTPs, how to do it effectively and how to defend against attacks.

Here is an overview of the topics covered:

1. Bernoulli Processes 🧮
https://infosec.exchange/@kpwn/110520985360492457

2. Increasing and Decreasing Probabilities 🤞
https://infosec.exchange/@kpwn/110561329301840527

Here's everything compiled into a blog post 📰
https://kpwn.de/2023/06/brute-forcing-one-time-passwords/

Do you find my content valuable?

🔔 Follow me for more web security content.

🔁 Also, boost this toot to spread the word!


Ransomware, but they install an unlicensed copy of Oracle somewhere in your organization and threaten to tell Oracle about it if you don’t pay up.


AI is a lot like the fossil fuel industry. Seizing and burning something (in this case, the internet, and more broadly, written-down human knowledge) that was built up over a long time much faster than it could ever be replenished.


It is confirmed that Reddit is forcing subreddits to open again. This is according to /r/antiwork moderators.


Jared White (🏳️‍⚧️ ally)

"Reddit represents one of the largest data sets of just human beings talking about interesting things," Huffman said. "We are not in the business of giving that away for free."

You and me, we're just data sets. Years of interaction with fellow human beings, building community, sharing insight and creativity…it’s all just data. Data to be mined and monetized.

Huffman's not mad Reddit was scraped for a chatbot. He's mad he wasn't paid for the privilege. It's his data, you see. His. Not yours.
